Warning: Permanently added '[localhost]:27876' (ECDSA) to the list of known hosts. 2022/09/12 18:11:02 fuzzer started 2022/09/12 18:11:03 dialing manager at localhost:38027 syzkaller login: [ 43.960584] cgroup: Unknown subsys name 'net' [ 44.060112] cgroup: Unknown subsys name 'rlimit' 2022/09/12 18:11:16 syscalls: 2215 2022/09/12 18:11:16 code coverage: enabled 2022/09/12 18:11:16 comparison tracing: enabled 2022/09/12 18:11:16 extra coverage: enabled 2022/09/12 18:11:16 setuid sandbox: enabled 2022/09/12 18:11:16 namespace sandbox: enabled 2022/09/12 18:11:16 Android sandbox: enabled 2022/09/12 18:11:16 fault injection: enabled 2022/09/12 18:11:16 leak checking: enabled 2022/09/12 18:11:16 net packet injection: enabled 2022/09/12 18:11:16 net device setup: enabled 2022/09/12 18:11:16 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2022/09/12 18:11:16 devlink PCI setup: PCI device 0000:00:10.0 is not available 2022/09/12 18:11:16 USB emulation: enabled 2022/09/12 18:11:16 hci packet injection: enabled 2022/09/12 18:11:16 wifi device emulation: failed to parse kernel version (6.0.0-rc5-next-20220912) 2022/09/12 18:11:16 802.15.4 emulation: enabled 2022/09/12 18:11:16 fetching corpus: 0, signal 0/2000 (executing program) 2022/09/12 18:11:16 fetching corpus: 41, signal 27950/31527 (executing program) 2022/09/12 18:11:16 fetching corpus: 91, signal 44313/49353 (executing program) 2022/09/12 18:11:17 fetching corpus: 141, signal 51793/58287 (executing program) 2022/09/12 18:11:17 fetching corpus: 191, signal 61808/69602 (executing program) 2022/09/12 18:11:17 fetching corpus: 241, signal 69710/78681 (executing program) 2022/09/12 18:11:17 fetching corpus: 291, signal 74865/85040 (executing program) 2022/09/12 18:11:17 fetching corpus: 341, signal 81272/92511 (executing program) 2022/09/12 18:11:17 fetching corpus: 391, signal 85314/97745 (executing program) 2022/09/12 18:11:18 fetching corpus: 441, signal 89220/102727 (executing program) 2022/09/12 18:11:18 fetching corpus: 491, signal 94343/108797 (executing program) 2022/09/12 18:11:18 fetching corpus: 541, signal 99080/114380 (executing program) 2022/09/12 18:11:18 fetching corpus: 591, signal 104294/120354 (executing program) 2022/09/12 18:11:18 fetching corpus: 641, signal 108255/125122 (executing program) 2022/09/12 18:11:18 fetching corpus: 691, signal 110989/128742 (executing program) 2022/09/12 18:11:19 fetching corpus: 741, signal 113583/132189 (executing program) 2022/09/12 18:11:19 fetching corpus: 791, signal 115907/135338 (executing program) 2022/09/12 18:11:19 fetching corpus: 841, signal 118922/139098 (executing program) 2022/09/12 18:11:19 fetching corpus: 891, signal 121460/142394 (executing program) 2022/09/12 18:11:19 fetching corpus: 941, signal 124129/145749 (executing program) 2022/09/12 18:11:19 fetching corpus: 991, signal 126419/148807 (executing program) 2022/09/12 18:11:19 fetching corpus: 1041, signal 128722/151807 (executing program) 2022/09/12 18:11:19 fetching corpus: 1091, signal 130855/154629 (executing program) 2022/09/12 18:11:20 fetching corpus: 1141, signal 133098/157524 (executing program) 2022/09/12 18:11:20 fetching corpus: 1191, signal 136489/161311 (executing program) 2022/09/12 18:11:20 fetching corpus: 1241, signal 137945/163488 (executing program) 2022/09/12 18:11:20 fetching corpus: 1291, signal 140549/166573 (executing program) 2022/09/12 18:11:20 fetching corpus: 1341, signal 142593/169177 (executing program) 2022/09/12 18:11:20 fetching corpus: 1391, signal 144141/171321 (executing program) 2022/09/12 18:11:21 fetching corpus: 1441, signal 146266/173952 (executing program) 2022/09/12 18:11:21 fetching corpus: 1491, signal 147717/175969 (executing program) 2022/09/12 18:11:21 fetching corpus: 1541, signal 149362/178158 (executing program) 2022/09/12 18:11:21 fetching corpus: 1591, signal 151058/180329 (executing program) 2022/09/12 18:11:21 fetching corpus: 1641, signal 152719/182447 (executing program) 2022/09/12 18:11:21 fetching corpus: 1691, signal 153975/184286 (executing program) 2022/09/12 18:11:21 fetching corpus: 1741, signal 155370/186173 (executing program) 2022/09/12 18:11:21 fetching corpus: 1791, signal 156800/188093 (executing program) 2022/09/12 18:11:22 fetching corpus: 1841, signal 158548/190136 (executing program) 2022/09/12 18:11:22 fetching corpus: 1891, signal 160293/192216 (executing program) 2022/09/12 18:11:22 fetching corpus: 1941, signal 161891/194175 (executing program) 2022/09/12 18:11:22 fetching corpus: 1991, signal 163272/196012 (executing program) 2022/09/12 18:11:22 fetching corpus: 2041, signal 165633/198455 (executing program) 2022/09/12 18:11:22 fetching corpus: 2091, signal 167104/200249 (executing program) 2022/09/12 18:11:22 fetching corpus: 2141, signal 167762/201489 (executing program) 2022/09/12 18:11:23 fetching corpus: 2191, signal 168976/203073 (executing program) 2022/09/12 18:11:23 fetching corpus: 2241, signal 171336/205417 (executing program) 2022/09/12 18:11:23 fetching corpus: 2291, signal 172617/206981 (executing program) 2022/09/12 18:11:23 fetching corpus: 2341, signal 173862/208512 (executing program) 2022/09/12 18:11:23 fetching corpus: 2390, signal 174835/209848 (executing program) 2022/09/12 18:11:23 fetching corpus: 2440, signal 176346/211495 (executing program) 2022/09/12 18:11:24 fetching corpus: 2490, signal 177348/212804 (executing program) 2022/09/12 18:11:24 fetching corpus: 2540, signal 178633/214284 (executing program) 2022/09/12 18:11:24 fetching corpus: 2590, signal 179632/215568 (executing program) 2022/09/12 18:11:24 fetching corpus: 2640, signal 180731/216886 (executing program) 2022/09/12 18:11:24 fetching corpus: 2690, signal 181902/218239 (executing program) 2022/09/12 18:11:24 fetching corpus: 2740, signal 183415/219762 (executing program) 2022/09/12 18:11:24 fetching corpus: 2790, signal 184512/221007 (executing program) 2022/09/12 18:11:25 fetching corpus: 2840, signal 185305/222103 (executing program) 2022/09/12 18:11:25 fetching corpus: 2890, signal 186198/223265 (executing program) 2022/09/12 18:11:25 fetching corpus: 2940, signal 187064/224354 (executing program) 2022/09/12 18:11:25 fetching corpus: 2990, signal 187903/225508 (executing program) 2022/09/12 18:11:25 fetching corpus: 3040, signal 188596/226445 (executing program) 2022/09/12 18:11:25 fetching corpus: 3090, signal 189580/227594 (executing program) 2022/09/12 18:11:25 fetching corpus: 3140, signal 190644/228769 (executing program) 2022/09/12 18:11:25 fetching corpus: 3190, signal 191405/229736 (executing program) 2022/09/12 18:11:26 fetching corpus: 3240, signal 192291/230782 (executing program) 2022/09/12 18:11:26 fetching corpus: 3290, signal 193230/231898 (executing program) 2022/09/12 18:11:26 fetching corpus: 3340, signal 193994/232877 (executing program) 2022/09/12 18:11:26 fetching corpus: 3390, signal 194652/233743 (executing program) 2022/09/12 18:11:26 fetching corpus: 3440, signal 195530/234751 (executing program) 2022/09/12 18:11:26 fetching corpus: 3490, signal 196348/235654 (executing program) 2022/09/12 18:11:26 fetching corpus: 3540, signal 197860/237022 (executing program) 2022/09/12 18:11:27 fetching corpus: 3590, signal 198704/238004 (executing program) 2022/09/12 18:11:27 fetching corpus: 3640, signal 199427/238879 (executing program) 2022/09/12 18:11:27 fetching corpus: 3690, signal 200050/239674 (executing program) 2022/09/12 18:11:27 fetching corpus: 3740, signal 200860/240631 (executing program) 2022/09/12 18:11:27 fetching corpus: 3790, signal 201804/241553 (executing program) 2022/09/12 18:11:27 fetching corpus: 3840, signal 202239/242256 (executing program) 2022/09/12 18:11:27 fetching corpus: 3890, signal 203275/243268 (executing program) 2022/09/12 18:11:27 fetching corpus: 3940, signal 203959/244068 (executing program) 2022/09/12 18:11:28 fetching corpus: 3990, signal 205062/245052 (executing program) 2022/09/12 18:11:28 fetching corpus: 4040, signal 206176/245998 (executing program) 2022/09/12 18:11:28 fetching corpus: 4090, signal 207234/246887 (executing program) 2022/09/12 18:11:28 fetching corpus: 4140, signal 207782/247564 (executing program) 2022/09/12 18:11:28 fetching corpus: 4190, signal 208511/248288 (executing program) 2022/09/12 18:11:28 fetching corpus: 4240, signal 209091/248922 (executing program) 2022/09/12 18:11:28 fetching corpus: 4290, signal 209706/249650 (executing program) 2022/09/12 18:11:29 fetching corpus: 4340, signal 210561/250401 (executing program) 2022/09/12 18:11:29 fetching corpus: 4390, signal 211419/251133 (executing program) 2022/09/12 18:11:29 fetching corpus: 4440, signal 212133/251836 (executing program) 2022/09/12 18:11:29 fetching corpus: 4489, signal 212729/252468 (executing program) 2022/09/12 18:11:29 fetching corpus: 4539, signal 213823/253261 (executing program) 2022/09/12 18:11:29 fetching corpus: 4589, signal 214639/253966 (executing program) 2022/09/12 18:11:30 fetching corpus: 4639, signal 215344/254599 (executing program) 2022/09/12 18:11:30 fetching corpus: 4689, signal 215854/255176 (executing program) 2022/09/12 18:11:30 fetching corpus: 4739, signal 216940/256013 (executing program) 2022/09/12 18:11:30 fetching corpus: 4789, signal 217632/256634 (executing program) 2022/09/12 18:11:30 fetching corpus: 4839, signal 218096/257189 (executing program) 2022/09/12 18:11:30 fetching corpus: 4889, signal 219144/257961 (executing program) 2022/09/12 18:11:30 fetching corpus: 4939, signal 219823/258546 (executing program) 2022/09/12 18:11:30 fetching corpus: 4989, signal 220273/259032 (executing program) 2022/09/12 18:11:31 fetching corpus: 5039, signal 220909/259582 (executing program) 2022/09/12 18:11:31 fetching corpus: 5089, signal 221648/260146 (executing program) 2022/09/12 18:11:31 fetching corpus: 5139, signal 222310/260696 (executing program) 2022/09/12 18:11:31 fetching corpus: 5189, signal 222980/261272 (executing program) 2022/09/12 18:11:31 fetching corpus: 5239, signal 223624/261808 (executing program) 2022/09/12 18:11:31 fetching corpus: 5289, signal 224339/262352 (executing program) 2022/09/12 18:11:31 fetching corpus: 5339, signal 224906/262804 (executing program) 2022/09/12 18:11:32 fetching corpus: 5389, signal 225950/263357 (executing program) 2022/09/12 18:11:32 fetching corpus: 5439, signal 226465/263785 (executing program) 2022/09/12 18:11:32 fetching corpus: 5489, signal 227013/264234 (executing program) 2022/09/12 18:11:32 fetching corpus: 5539, signal 227554/264646 (executing program) 2022/09/12 18:11:32 fetching corpus: 5589, signal 228170/265090 (executing program) 2022/09/12 18:11:32 fetching corpus: 5639, signal 228585/265488 (executing program) 2022/09/12 18:11:32 fetching corpus: 5689, signal 229371/265985 (executing program) 2022/09/12 18:11:33 fetching corpus: 5739, signal 229965/266379 (executing program) 2022/09/12 18:11:33 fetching corpus: 5789, signal 230454/266748 (executing program) 2022/09/12 18:11:33 fetching corpus: 5839, signal 231159/267119 (executing program) 2022/09/12 18:11:33 fetching corpus: 5889, signal 231903/267532 (executing program) 2022/09/12 18:11:33 fetching corpus: 5939, signal 232451/267919 (executing program) 2022/09/12 18:11:33 fetching corpus: 5989, signal 233078/268290 (executing program) 2022/09/12 18:11:34 fetching corpus: 6039, signal 233604/268639 (executing program) 2022/09/12 18:11:34 fetching corpus: 6089, signal 234204/268985 (executing program) 2022/09/12 18:11:34 fetching corpus: 6139, signal 234666/269277 (executing program) 2022/09/12 18:11:34 fetching corpus: 6189, signal 235248/269604 (executing program) 2022/09/12 18:11:34 fetching corpus: 6239, signal 235745/269918 (executing program) 2022/09/12 18:11:34 fetching corpus: 6289, signal 236759/270233 (executing program) 2022/09/12 18:11:34 fetching corpus: 6339, signal 237288/270579 (executing program) 2022/09/12 18:11:34 fetching corpus: 6389, signal 237911/270833 (executing program) 2022/09/12 18:11:35 fetching corpus: 6439, signal 238265/271106 (executing program) 2022/09/12 18:11:35 fetching corpus: 6489, signal 238835/271373 (executing program) 2022/09/12 18:11:35 fetching corpus: 6539, signal 239576/271629 (executing program) 2022/09/12 18:11:35 fetching corpus: 6589, signal 239984/271683 (executing program) 2022/09/12 18:11:35 fetching corpus: 6639, signal 240803/271702 (executing program) 2022/09/12 18:11:35 fetching corpus: 6689, signal 241198/271714 (executing program) 2022/09/12 18:11:35 fetching corpus: 6739, signal 241744/271735 (executing program) 2022/09/12 18:11:35 fetching corpus: 6789, signal 242166/271771 (executing program) 2022/09/12 18:11:36 fetching corpus: 6839, signal 243044/271796 (executing program) 2022/09/12 18:11:36 fetching corpus: 6889, signal 243522/271804 (executing program) 2022/09/12 18:11:36 fetching corpus: 6939, signal 244096/271823 (executing program) 2022/09/12 18:11:36 fetching corpus: 6989, signal 244580/271878 (executing program) 2022/09/12 18:11:36 fetching corpus: 7039, signal 245041/271879 (executing program) 2022/09/12 18:11:36 fetching corpus: 7089, signal 245627/271887 (executing program) 2022/09/12 18:11:36 fetching corpus: 7139, signal 245989/271892 (executing program) 2022/09/12 18:11:37 fetching corpus: 7189, signal 246679/271895 (executing program) 2022/09/12 18:11:37 fetching corpus: 7239, signal 247241/271909 (executing program) 2022/09/12 18:11:37 fetching corpus: 7289, signal 247597/271915 (executing program) 2022/09/12 18:11:37 fetching corpus: 7339, signal 247961/271920 (executing program) 2022/09/12 18:11:37 fetching corpus: 7389, signal 248595/271926 (executing program) 2022/09/12 18:11:37 fetching corpus: 7439, signal 249133/271981 (executing program) 2022/09/12 18:11:37 fetching corpus: 7489, signal 249657/271988 (executing program) 2022/09/12 18:11:38 fetching corpus: 7539, signal 250090/271989 (executing program) 2022/09/12 18:11:38 fetching corpus: 7588, signal 250533/272014 (executing program) 2022/09/12 18:11:38 fetching corpus: 7638, signal 250895/272019 (executing program) 2022/09/12 18:11:38 fetching corpus: 7688, signal 251402/272027 (executing program) 2022/09/12 18:11:38 fetching corpus: 7738, signal 251802/272038 (executing program) 2022/09/12 18:11:38 fetching corpus: 7788, signal 252158/272039 (executing program) 2022/09/12 18:11:39 fetching corpus: 7838, signal 252662/272047 (executing program) 2022/09/12 18:11:39 fetching corpus: 7888, signal 253039/272055 (executing program) 2022/09/12 18:11:39 fetching corpus: 7938, signal 253509/272064 (executing program) 2022/09/12 18:11:39 fetching corpus: 7988, signal 253890/272079 (executing program) 2022/09/12 18:11:39 fetching corpus: 8038, signal 254320/272188 (executing program) 2022/09/12 18:11:39 fetching corpus: 8088, signal 254750/272229 (executing program) 2022/09/12 18:11:39 fetching corpus: 8138, signal 255183/272275 (executing program) 2022/09/12 18:11:39 fetching corpus: 8188, signal 255456/272278 (executing program) 2022/09/12 18:11:40 fetching corpus: 8238, signal 256055/272300 (executing program) 2022/09/12 18:11:40 fetching corpus: 8288, signal 256683/272300 (executing program) 2022/09/12 18:11:40 fetching corpus: 8338, signal 257026/272321 (executing program) 2022/09/12 18:11:40 fetching corpus: 8388, signal 257532/272335 (executing program) 2022/09/12 18:11:40 fetching corpus: 8438, signal 257898/272348 (executing program) 2022/09/12 18:11:40 fetching corpus: 8488, signal 258391/272348 (executing program) 2022/09/12 18:11:40 fetching corpus: 8538, signal 258951/272363 (executing program) 2022/09/12 18:11:41 fetching corpus: 8588, signal 259464/272363 (executing program) 2022/09/12 18:11:41 fetching corpus: 8638, signal 259872/272366 (executing program) 2022/09/12 18:11:41 fetching corpus: 8688, signal 260232/272369 (executing program) 2022/09/12 18:11:41 fetching corpus: 8738, signal 260655/272371 (executing program) 2022/09/12 18:11:41 fetching corpus: 8788, signal 261113/272374 (executing program) 2022/09/12 18:11:41 fetching corpus: 8838, signal 261607/272376 (executing program) 2022/09/12 18:11:41 fetching corpus: 8885, signal 261995/272390 (executing program) 2022/09/12 18:11:41 fetching corpus: 8885, signal 261995/272390 (executing program) 2022/09/12 18:11:44 starting 8 fuzzer processes 18:11:44 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18}, './file0\x00'}) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000001700)={0x0, 0x2}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000300)=ANY=[@ANYRESHEX, @ANYRES32, @ANYRES64=r0, @ANYRESHEX, @ANYRES16, @ANYRESDEC, @ANYRES64, @ANYRES32, @ANYRESOCT]) fstat(r2, &(0x7f0000000a40)) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0xa8420, &(0x7f0000000940)={'trans=unix,', {[{@cache_fscache}, {@access_client}, {@access_any}, {@access_uid={'access', 0x3d, 0xee01}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}], [{@fscontext={'fscontext', 0x3d, 'system_u'}}, {@obj_user={'obj_user', 0x3d, 'environ\x00'}}, {@subj_role={'subj_role', 0x3d, 'environ\x00'}}, {@euid_eq={'euid', 0x3d, r4}}, {@measure}]}}) getdents(r1, &(0x7f0000000000)=""/94, 0x20000018) fstat(0xffffffffffffffff, &(0x7f0000000400)) 18:11:44 executing program 1: socket$inet_udp(0x2, 0x2, 0x0) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, 0x0) r0 = io_uring_setup(0x328a, &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES(r0, 0x18, &(0x7f0000000100)=[0xffffffffffffffff], 0x1) 18:11:44 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, 0x0, &(0x7f0000000440)) 18:11:44 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000040)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x8000000, 0x0) read(r0, &(0x7f0000000140)=""/78, 0xfffffdef) 18:11:44 executing program 3: syz_mount_image$nfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) fdatasync(r0) 18:11:44 executing program 5: mknod(&(0x7f0000008d80)='./file0\x00', 0x0, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{}]}) 18:11:44 executing program 6: clock_adjtime(0x0, &(0x7f0000000100)={0x5fa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0xf423f, 0x0, 0x0, 0x0, 0x1f}) 18:11:44 executing program 7: syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x38e38e38e38e46f, [{{0x9, 0x2, 0x48}}]}}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000002480)='fd/3\x00') ioctl$TIOCGWINSZ(r0, 0x4004550e, 0x0) [ 84.906227] audit: type=1400 audit(1663006304.289:6): avc: denied { execmem } for pid=286 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 86.103097] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.105341] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.107000] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.110266] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.112417] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.114574] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.127412] Bluetooth: hci0: HCI_REQ-0x0c1a [ 86.140513] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.142515] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.143756] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.146346] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.147860] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.149286] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.154780] Bluetooth: hci2: HCI_REQ-0x0c1a [ 86.174622] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.177269] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.178753] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.187643] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.189580] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.191095] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.214040] Bluetooth: hci1: HCI_REQ-0x0c1a [ 86.296614] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 86.298633] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.304395] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.305402] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 86.307943] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.308659] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 86.312220] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 86.313636] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.314820] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 86.316049] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 86.316702] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 86.318016] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.324019] Bluetooth: hci4: HCI_REQ-0x0c1a [ 86.349291] Bluetooth: hci5: HCI_REQ-0x0c1a [ 86.374602] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 86.378247] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 86.380174] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 86.386153] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 86.390101] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 86.392583] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 86.397574] Bluetooth: hci7: HCI_REQ-0x0c1a [ 88.183577] Bluetooth: hci2: command 0x0409 tx timeout [ 88.184191] Bluetooth: hci0: command 0x0409 tx timeout [ 88.246996] Bluetooth: hci1: command 0x0409 tx timeout [ 88.248305] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 88.376154] Bluetooth: hci4: command 0x0409 tx timeout [ 88.376867] Bluetooth: hci6: Opcode 0x c03 failed: -110 [ 88.439011] Bluetooth: hci5: command 0x0409 tx timeout [ 88.439970] Bluetooth: hci7: command 0x0409 tx timeout [ 90.231006] Bluetooth: hci0: command 0x041b tx timeout [ 90.231526] Bluetooth: hci2: command 0x041b tx timeout [ 90.295063] Bluetooth: hci1: command 0x041b tx timeout [ 90.422994] Bluetooth: hci4: command 0x041b tx timeout [ 90.488017] Bluetooth: hci7: command 0x041b tx timeout [ 90.488949] Bluetooth: hci5: command 0x041b tx timeout [ 91.969722] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 91.970837] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 91.994339] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 92.005854] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 92.008257] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 92.009519] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 92.013800] Bluetooth: hci6: HCI_REQ-0x0c1a [ 92.279998] Bluetooth: hci2: command 0x040f tx timeout [ 92.280506] Bluetooth: hci0: command 0x040f tx timeout [ 92.342964] Bluetooth: hci1: command 0x040f tx timeout [ 92.471956] Bluetooth: hci4: command 0x040f tx timeout [ 92.535968] Bluetooth: hci5: command 0x040f tx timeout [ 92.536453] Bluetooth: hci7: command 0x040f tx timeout [ 93.495994] Bluetooth: hci3: Opcode 0x c03 failed: -110 [ 94.071965] Bluetooth: hci6: command 0x0409 tx timeout [ 94.327007] Bluetooth: hci0: command 0x0419 tx timeout [ 94.327520] Bluetooth: hci2: command 0x0419 tx timeout [ 94.392026] Bluetooth: hci1: command 0x0419 tx timeout [ 94.519960] Bluetooth: hci4: command 0x0419 tx timeout [ 94.583028] Bluetooth: hci7: command 0x0419 tx timeout [ 94.583513] Bluetooth: hci5: command 0x0419 tx timeout [ 96.118967] Bluetooth: hci6: command 0x041b tx timeout [ 96.251267] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.252728] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.253638] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.255776] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.256767] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 96.257858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.260634] Bluetooth: hci3: HCI_REQ-0x0c1a [ 98.166976] Bluetooth: hci6: command 0x040f tx timeout [ 98.294955] Bluetooth: hci3: command 0x0409 tx timeout [ 100.215212] Bluetooth: hci6: command 0x0419 tx timeout [ 100.343149] Bluetooth: hci3: command 0x041b tx timeout [ 102.391061] Bluetooth: hci3: command 0x040f tx timeout [ 104.439025] Bluetooth: hci3: command 0x0419 tx timeout 18:12:41 executing program 6: clock_adjtime(0x0, &(0x7f0000000100)={0x5fa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0xf423f, 0x0, 0x0, 0x0, 0x1f}) 18:12:42 executing program 6: clock_adjtime(0x0, &(0x7f0000000100)={0x5fa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0xf423f, 0x0, 0x0, 0x0, 0x1f}) 18:12:43 executing program 6: clock_adjtime(0x0, &(0x7f0000000100)={0x5fa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0xf423f, 0x0, 0x0, 0x0, 0x1f}) 18:12:43 executing program 3: syz_mount_image$nfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) fdatasync(r0) 18:12:44 executing program 3: syz_mount_image$nfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) fdatasync(r0) 18:12:44 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) dup(r1) [ 140.501829] audit: type=1400 audit(1663006364.885:7): avc: denied { open } for pid=3754 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 140.503450] audit: type=1400 audit(1663006364.885:8): avc: denied { kernel } for pid=3754 comm="syz-executor.6" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 140.523051] ------------[ cut here ]------------ [ 140.523075] [ 140.523080] ====================================================== [ 140.523084] WARNING: possible circular locking dependency detected [ 140.523088] 6.0.0-rc5-next-20220912 #1 Not tainted [ 140.523095] ------------------------------------------------------ [ 140.523099] syz-executor.6/3755 is trying to acquire lock: [ 140.523106] ffffffff853fa878 ((console_sem).lock){....}-{2:2}, at: down_trylock+0xe/0x70 [ 140.523146] [ 140.523146] but task is already holding lock: [ 140.523149] ffff8880087ce420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 140.523178] [ 140.523178] which lock already depends on the new lock. [ 140.523178] [ 140.523181] [ 140.523181] the existing dependency chain (in reverse order) is: [ 140.523184] [ 140.523184] -> #3 (&ctx->lock){....}-{2:2}: [ 140.523198] _raw_spin_lock+0x2a/0x40 [ 140.523215] __perf_event_task_sched_out+0x53b/0x18d0 [ 140.523228] __schedule+0xedd/0x2470 [ 140.523238] schedule+0xda/0x1b0 [ 140.523247] futex_wait_queue+0xf5/0x1e0 [ 140.523259] futex_wait+0x28e/0x690 [ 140.523269] do_futex+0x2ff/0x380 [ 140.523279] __x64_sys_futex+0x1c6/0x4d0 [ 140.523289] do_syscall_64+0x3b/0x90 [ 140.523303] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.523321] [ 140.523321] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 140.523335] _raw_spin_lock_nested+0x30/0x40 [ 140.523350] raw_spin_rq_lock_nested+0x1e/0x30 [ 140.523363] task_fork_fair+0x63/0x4d0 [ 140.523381] sched_cgroup_fork+0x3d0/0x540 [ 140.523396] copy_process+0x3f9e/0x6df0 [ 140.523407] kernel_clone+0xe7/0x890 [ 140.523416] user_mode_thread+0xad/0xf0 [ 140.523427] rest_init+0x24/0x250 [ 140.523443] arch_call_rest_init+0xf/0x14 [ 140.523463] start_kernel+0x4c1/0x4e6 [ 140.523480] secondary_startup_64_no_verify+0xe0/0xeb [ 140.523495] [ 140.523495] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 140.523509] _raw_spin_lock_irqsave+0x39/0x60 [ 140.523524] try_to_wake_up+0xab/0x1920 [ 140.523538] up+0x75/0xb0 [ 140.523549] __up_console_sem+0x6e/0x80 [ 140.523566] console_unlock+0x46a/0x590 [ 140.523582] do_con_write+0xc05/0x1d50 [ 140.523595] con_write+0x21/0x40 [ 140.523604] n_tty_write+0x4d4/0xfe0 [ 140.523617] file_tty_write.constprop.0+0x49c/0x8f0 [ 140.523630] vfs_write+0x9c3/0xd90 [ 140.523648] ksys_write+0x127/0x250 [ 140.523666] do_syscall_64+0x3b/0x90 [ 140.523679] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.523696] [ 140.523696] -> #0 ((console_sem).lock){....}-{2:2}: [ 140.523710] __lock_acquire+0x2a02/0x5e70 [ 140.523727] lock_acquire+0x1a2/0x530 [ 140.523744] _raw_spin_lock_irqsave+0x39/0x60 [ 140.523758] down_trylock+0xe/0x70 [ 140.523771] __down_trylock_console_sem+0x3b/0xd0 [ 140.523788] vprintk_emit+0x16b/0x560 [ 140.523805] vprintk+0x84/0xa0 [ 140.523822] _printk+0xba/0xf1 [ 140.523840] report_bug.cold+0x72/0xab [ 140.523852] handle_bug+0x3c/0x70 [ 140.523865] exc_invalid_op+0x14/0x50 [ 140.523878] asm_exc_invalid_op+0x16/0x20 [ 140.523895] group_sched_out.part.0+0x2c7/0x460 [ 140.523906] ctx_sched_out+0x8f1/0xc10 [ 140.523915] __perf_event_task_sched_out+0x6d0/0x18d0 [ 140.523928] __schedule+0xedd/0x2470 [ 140.523937] schedule+0xda/0x1b0 [ 140.523947] futex_wait_queue+0xf5/0x1e0 [ 140.523957] futex_wait+0x28e/0x690 [ 140.523967] do_futex+0x2ff/0x380 [ 140.523976] __x64_sys_futex+0x1c6/0x4d0 [ 140.523986] do_syscall_64+0x3b/0x90 [ 140.523999] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.524016] [ 140.524016] other info that might help us debug this: [ 140.524016] [ 140.524019] Chain exists of: [ 140.524019] (console_sem).lock --> &rq->__lock --> &ctx->lock [ 140.524019] [ 140.524034] Possible unsafe locking scenario: [ 140.524034] [ 140.524037] CPU0 CPU1 [ 140.524039] ---- ---- [ 140.524042] lock(&ctx->lock); [ 140.524048] lock(&rq->__lock); [ 140.524054] lock(&ctx->lock); [ 140.524061] lock((console_sem).lock); [ 140.524066] [ 140.524066] *** DEADLOCK *** [ 140.524066] [ 140.524068] 2 locks held by syz-executor.6/3755: [ 140.524076] #0: ffff88806ce37cd8 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x1cf/0x2470 [ 140.524101] #1: ffff8880087ce420 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_out+0x53b/0x18d0 [ 140.524130] [ 140.524130] stack backtrace: [ 140.524133] CPU: 0 PID: 3755 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220912 #1 [ 140.524146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 140.524154] Call Trace: [ 140.524158] [ 140.524162] dump_stack_lvl+0x8b/0xb3 [ 140.524177] check_noncircular+0x263/0x2e0 [ 140.524194] ? format_decode+0x26c/0xb50 [ 140.524209] ? print_circular_bug+0x450/0x450 [ 140.524227] ? enable_ptr_key_workfn+0x20/0x20 [ 140.524242] ? format_decode+0x26c/0xb50 [ 140.524257] ? alloc_chain_hlocks+0x1ec/0x5a0 [ 140.524276] __lock_acquire+0x2a02/0x5e70 [ 140.524299] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 140.524322] lock_acquire+0x1a2/0x530 [ 140.524339] ? down_trylock+0xe/0x70 [ 140.524354] ? rcu_read_unlock+0x40/0x40 [ 140.524376] ? vprintk+0x84/0xa0 [ 140.524395] _raw_spin_lock_irqsave+0x39/0x60 [ 140.524410] ? down_trylock+0xe/0x70 [ 140.524424] down_trylock+0xe/0x70 [ 140.524438] ? vprintk+0x84/0xa0 [ 140.524456] __down_trylock_console_sem+0x3b/0xd0 [ 140.524474] vprintk_emit+0x16b/0x560 [ 140.524494] vprintk+0x84/0xa0 [ 140.524512] _printk+0xba/0xf1 [ 140.524530] ? record_print_text.cold+0x16/0x16 [ 140.524553] ? report_bug.cold+0x66/0xab [ 140.524567] ? group_sched_out.part.0+0x2c7/0x460 [ 140.524579] report_bug.cold+0x72/0xab [ 140.524594] handle_bug+0x3c/0x70 [ 140.524608] exc_invalid_op+0x14/0x50 [ 140.524622] asm_exc_invalid_op+0x16/0x20 [ 140.524640] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 140.524654] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 140.524666] RSP: 0018:ffff88804301f8f8 EFLAGS: 00010006 [ 140.524675] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 140.524683] RDX: ffff888042fd1ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 140.524691] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 140.524699] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff8880087ce400 [ 140.524707] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 140.524718] ? group_sched_out.part.0+0x2c7/0x460 [ 140.524732] ? group_sched_out.part.0+0x2c7/0x460 [ 140.524745] ctx_sched_out+0x8f1/0xc10 [ 140.524757] __perf_event_task_sched_out+0x6d0/0x18d0 [ 140.524773] ? lock_is_held_type+0xd7/0x130 [ 140.524792] ? __perf_cgroup_move+0x160/0x160 [ 140.524804] ? set_next_entity+0x304/0x550 [ 140.524825] ? lock_is_held_type+0xd7/0x130 [ 140.524844] __schedule+0xedd/0x2470 [ 140.524857] ? io_schedule_timeout+0x150/0x150 [ 140.524868] ? futex_wait_setup+0x166/0x230 [ 140.524883] schedule+0xda/0x1b0 [ 140.524894] futex_wait_queue+0xf5/0x1e0 [ 140.524906] futex_wait+0x28e/0x690 [ 140.524919] ? futex_wait_setup+0x230/0x230 [ 140.524932] ? wake_up_q+0x8b/0xf0 [ 140.524946] ? do_raw_spin_unlock+0x4f/0x220 [ 140.524966] ? futex_wake+0x158/0x490 [ 140.524982] ? fd_install+0x1f9/0x640 [ 140.525001] do_futex+0x2ff/0x380 [ 140.525012] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 140.525028] __x64_sys_futex+0x1c6/0x4d0 [ 140.525041] ? __x64_sys_futex_time32+0x480/0x480 [ 140.525054] ? syscall_enter_from_user_mode+0x1d/0x50 [ 140.525072] ? syscall_enter_from_user_mode+0x1d/0x50 [ 140.525093] do_syscall_64+0x3b/0x90 [ 140.525107] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.525125] RIP: 0033:0x7f4a4ea1fb19 [ 140.525133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 140.525145] RSP: 002b:00007f4a4bf95218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 140.525156] RAX: ffffffffffffffda RBX: 00007f4a4eb32f68 RCX: 00007f4a4ea1fb19 [ 140.525164] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4a4eb32f68 [ 140.525171] RBP: 00007f4a4eb32f60 R08: 0000000000000000 R09: 0000000000000000 [ 140.525179] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4a4eb32f6c [ 140.525186] R13: 00007ffd8f0e0b1f R14: 00007f4a4bf95300 R15: 0000000000022000 [ 140.525199] [ 140.586274] WARNING: CPU: 0 PID: 3755 at kernel/events/core.c:2309 group_sched_out.part.0+0x2c7/0x460 [ 140.586983] Modules linked in: [ 140.587225] CPU: 0 PID: 3755 Comm: syz-executor.6 Not tainted 6.0.0-rc5-next-20220912 #1 [ 140.587800] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 140.588598] RIP: 0010:group_sched_out.part.0+0x2c7/0x460 [ 140.589001] Code: 5e 41 5f e9 3b b7 ef ff e8 36 b7 ef ff 65 8b 1d ab 15 ac 7e 31 ff 89 de e8 d6 b3 ef ff 85 db 0f 84 8a 00 00 00 e8 19 b7 ef ff <0f> 0b e9 a5 fe ff ff e8 0d b7 ef ff 48 8d 7d 10 48 b8 00 00 00 00 [ 140.590297] RSP: 0018:ffff88804301f8f8 EFLAGS: 00010006 [ 140.590689] RAX: 0000000040000002 RBX: 0000000000000000 RCX: 0000000000000000 [ 140.591215] RDX: ffff888042fd1ac0 RSI: ffffffff81566027 RDI: 0000000000000005 [ 140.591738] RBP: ffff888008660000 R08: 0000000000000005 R09: 0000000000000001 [ 140.592254] R10: 0000000000000000 R11: ffffffff865aa01b R12: ffff8880087ce400 [ 140.592780] R13: ffff88806ce3d100 R14: ffffffff8547c660 R15: 0000000000000002 [ 140.593304] FS: 00007f4a4bf95700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 140.593892] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.594322] CR2: 00007f0ece6074a1 CR3: 000000003f938000 CR4: 0000000000350ef0 [ 140.594872] Call Trace: [ 140.595061] [ 140.595230] ctx_sched_out+0x8f1/0xc10 [ 140.595527] __perf_event_task_sched_out+0x6d0/0x18d0 [ 140.595920] ? lock_is_held_type+0xd7/0x130 [ 140.596254] ? __perf_cgroup_move+0x160/0x160 [ 140.596596] ? set_next_entity+0x304/0x550 [ 140.596926] ? lock_is_held_type+0xd7/0x130 [ 140.597259] __schedule+0xedd/0x2470 [ 140.597547] ? io_schedule_timeout+0x150/0x150 [ 140.597903] ? futex_wait_setup+0x166/0x230 [ 140.598228] schedule+0xda/0x1b0 [ 140.598508] futex_wait_queue+0xf5/0x1e0 [ 140.598830] futex_wait+0x28e/0x690 [ 140.599163] ? futex_wait_setup+0x230/0x230 [ 140.599573] ? wake_up_q+0x8b/0xf0 [ 140.599914] ? do_raw_spin_unlock+0x4f/0x220 [ 140.600341] ? futex_wake+0x158/0x490 [ 140.600680] ? fd_install+0x1f9/0x640 [ 140.601043] do_futex+0x2ff/0x380 [ 140.601367] ? __ia32_compat_sys_get_robust_list+0x3b0/0x3b0 [ 140.601880] __x64_sys_futex+0x1c6/0x4d0 [ 140.602244] ? __x64_sys_futex_time32+0x480/0x480 [ 140.602692] ? syscall_enter_from_user_mode+0x1d/0x50 [ 140.603172] ? syscall_enter_from_user_mode+0x1d/0x50 [ 140.603635] do_syscall_64+0x3b/0x90 [ 140.603972] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.604435] RIP: 0033:0x7f4a4ea1fb19 [ 140.604763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 140.606360] RSP: 002b:00007f4a4bf95218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 140.607046] RAX: ffffffffffffffda RBX: 00007f4a4eb32f68 RCX: 00007f4a4ea1fb19 [ 140.607670] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4a4eb32f68 [ 140.608303] RBP: 00007f4a4eb32f60 R08: 0000000000000000 R09: 0000000000000000 [ 140.608926] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4a4eb32f6c [ 140.609552] R13: 00007ffd8f0e0b1f R14: 00007f4a4bf95300 R15: 0000000000022000 [ 140.610191] [ 140.610426] irq event stamp: 734 [ 140.610680] hardirqs last enabled at (733): [] syscall_enter_from_user_mode+0x1d/0x50 [ 140.611372] hardirqs last disabled at (734): [] __schedule+0x1225/0x2470 [ 140.611986] softirqs last enabled at (576): [] __irq_exit_rcu+0x11b/0x180 [ 140.612614] softirqs last disabled at (567): [] __irq_exit_rcu+0x11b/0x180 [ 140.613241] ---[ end trace 0000000000000000 ]--- 18:12:45 executing program 3: syz_mount_image$nfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) fdatasync(r0) 18:12:45 executing program 1: r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d6b646f7366d8a02b00080101000440002000f801", 0x17}, {0x0, 0x0, 0x2800}], 0x0, &(0x7f0000000140)=ANY=[]) ioctl$FITRIM(r0, 0x40047211, 0x0) [ 140.656128] loop1: detected capacity change from 0 to 40 [ 140.931259] ieee80211 : Selected rate control algorithm 'minstrel_ht' [ 141.019402] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' [ 141.110639] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht' [ 141.148762] syz-executor.6 (3755) used greatest stack depth: 24600 bytes left [ 141.149555] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht' [ 141.353681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.354659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.863365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.864137] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.558924] hrtimer: interrupt took 16361 ns 18:12:48 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x5320, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x12}}, 0x0) poll(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x20010, 0xffffffffffffffff, 0x7fea3000) r4 = accept$unix(r2, &(0x7f0000000200), &(0x7f0000000180)=0x6e) preadv(r4, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/195, 0xc3}, {&(0x7f0000001400)=""/29, 0x1d}, {&(0x7f0000001440)=""/41, 0x29}, {&(0x7f0000001480)=""/56, 0x38}, {&(0x7f00000014c0)=""/151, 0x97}, {&(0x7f0000001580)=""/18, 0x12}, {&(0x7f00000015c0)=""/213, 0xd5}], 0x8, 0x0, 0x9) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) close_range(r3, r3, 0x0) 18:12:48 executing program 1: r0 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000180)={'fscrypt:', @desc2}, &(0x7f00000001c0)={0x0, "8e89693fea3cd139e507f8b4c1f0345281829f4bf63c19d647518a37bd4e5b781cc9afa802405e929c3ffe9ae41e2b184f3dd3894c47c3a679504f5c66d7ea1d"}, 0x48, 0xfffffffffffffffe) keyctl$link(0x8, r0, r0) 18:12:48 executing program 3: io_pgetevents(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0) 18:12:48 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) dup(r1) 18:12:48 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18}, './file0\x00'}) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000001700)={0x0, 0x2}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000300)=ANY=[@ANYRESHEX, @ANYRES32, @ANYRES64=r0, @ANYRESHEX, @ANYRES16, @ANYRESDEC, @ANYRES64, @ANYRES32, @ANYRESOCT]) fstat(r2, &(0x7f0000000a40)) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0xa8420, &(0x7f0000000940)={'trans=unix,', {[{@cache_fscache}, {@access_client}, {@access_any}, {@access_uid={'access', 0x3d, 0xee01}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}], [{@fscontext={'fscontext', 0x3d, 'system_u'}}, {@obj_user={'obj_user', 0x3d, 'environ\x00'}}, {@subj_role={'subj_role', 0x3d, 'environ\x00'}}, {@euid_eq={'euid', 0x3d, r4}}, {@measure}]}}) getdents(r1, &(0x7f0000000000)=""/94, 0x20000018) fstat(0xffffffffffffffff, &(0x7f0000000400)) 18:12:48 executing program 5: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32361, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) write(r1, &(0x7f0000000080)="01", 0x41030) 18:12:48 executing program 7: syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x38e38e38e38e46f, [{{0x9, 0x2, 0x48}}]}}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000002480)='fd/3\x00') ioctl$TIOCGWINSZ(r0, 0x4004550e, 0x0) 18:12:48 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000040)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x8000000, 0x0) read(r0, &(0x7f0000000140)=""/78, 0xfffffdef) 18:12:48 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x76, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37]}, &(0x7f00000001c0)={0x0, "93937740309301cc262b6cf95906b2fa23ffbe9bed42fb660b866f9b1184cda96506bdb84350a162e054ec97cc44b68f16550ff2bd88766c7fcae815fdc8f237"}, 0x48, 0xffffffffffffffff) keyctl$setperm(0x5, r0, 0x0) [ 143.841693] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.848991] audit: type=1400 audit(1663006368.230:9): avc: denied { read } for pid=3984 comm="syz-executor.5" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=perf_event permissive=1 [ 143.855979] misc raw-gadget: fail, usb_gadget_register_driver returned -16 18:12:48 executing program 3: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) faccessat(r0, &(0x7f0000000080)='./file1\x00', 0x0) 18:12:48 executing program 1: socketpair(0xa, 0x3, 0x7, &(0x7f0000002700)) 18:12:48 executing program 5: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32361, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) write(r1, &(0x7f0000000080)="01", 0x41030) 18:12:48 executing program 3: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) faccessat(r0, &(0x7f0000000080)='./file1\x00', 0x0) 18:12:48 executing program 3: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) faccessat(r0, &(0x7f0000000080)='./file1\x00', 0x0) 18:12:48 executing program 1: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32361, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) write(r1, &(0x7f0000000080)="01", 0x41030) 18:12:48 executing program 3: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/config', 0x0, 0x0) faccessat(r0, &(0x7f0000000080)='./file1\x00', 0x0) [ 144.705473] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht' 18:12:49 executing program 1: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32361, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) write(r1, &(0x7f0000000080)="01", 0x41030) 18:12:49 executing program 5: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32361, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) write(r1, &(0x7f0000000080)="01", 0x41030) 18:12:49 executing program 7: syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x38e38e38e38e46f, [{{0x9, 0x2, 0x48}}]}}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000002480)='fd/3\x00') ioctl$TIOCGWINSZ(r0, 0x4004550e, 0x0) 18:12:49 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) lseek(r0, 0x0, 0x0) 18:12:49 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18}, './file0\x00'}) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000001700)={0x0, 0x2}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000300)=ANY=[@ANYRESHEX, @ANYRES32, @ANYRES64=r0, @ANYRESHEX, @ANYRES16, @ANYRESDEC, @ANYRES64, @ANYRES32, @ANYRESOCT]) fstat(r2, &(0x7f0000000a40)) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0xa8420, &(0x7f0000000940)={'trans=unix,', {[{@cache_fscache}, {@access_client}, {@access_any}, {@access_uid={'access', 0x3d, 0xee01}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}], [{@fscontext={'fscontext', 0x3d, 'system_u'}}, {@obj_user={'obj_user', 0x3d, 'environ\x00'}}, {@subj_role={'subj_role', 0x3d, 'environ\x00'}}, {@euid_eq={'euid', 0x3d, r4}}, {@measure}]}}) getdents(r1, &(0x7f0000000000)=""/94, 0x20000018) fstat(0xffffffffffffffff, &(0x7f0000000400)) 18:12:49 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000040)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x8000000, 0x0) read(r0, &(0x7f0000000140)=""/78, 0xfffffdef) 18:12:49 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) dup(r1) 18:12:49 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x5320, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x12}}, 0x0) poll(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x20010, 0xffffffffffffffff, 0x7fea3000) r4 = accept$unix(r2, &(0x7f0000000200), &(0x7f0000000180)=0x6e) preadv(r4, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/195, 0xc3}, {&(0x7f0000001400)=""/29, 0x1d}, {&(0x7f0000001440)=""/41, 0x29}, {&(0x7f0000001480)=""/56, 0x38}, {&(0x7f00000014c0)=""/151, 0x97}, {&(0x7f0000001580)=""/18, 0x12}, {&(0x7f00000015c0)=""/213, 0xd5}], 0x8, 0x0, 0x9) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) close_range(r3, r3, 0x0) [ 144.909036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.910425] misc raw-gadget: fail, usb_gadget_register_driver returned -16 18:12:49 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) lseek(r0, 0x0, 0x0) 18:12:49 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) lseek(r0, 0x0, 0x0) 18:12:49 executing program 5: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32361, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) write(r1, &(0x7f0000000080)="01", 0x41030) 18:12:49 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18}, './file0\x00'}) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000001700)={0x0, 0x2}) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000480), 0x1}, 0x603}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score_adj\x00') ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000300)=ANY=[@ANYRESHEX, @ANYRES32, @ANYRES64=r0, @ANYRESHEX, @ANYRES16, @ANYRESDEC, @ANYRES64, @ANYRES32, @ANYRESOCT]) fstat(r2, &(0x7f0000000a40)) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0xa8420, &(0x7f0000000940)={'trans=unix,', {[{@cache_fscache}, {@access_client}, {@access_any}, {@access_uid={'access', 0x3d, 0xee01}}, {@privport}, {@dfltgid={'dfltgid', 0x3d, r3}}], [{@fscontext={'fscontext', 0x3d, 'system_u'}}, {@obj_user={'obj_user', 0x3d, 'environ\x00'}}, {@subj_role={'subj_role', 0x3d, 'environ\x00'}}, {@euid_eq={'euid', 0x3d, r4}}, {@measure}]}}) getdents(r1, &(0x7f0000000000)=""/94, 0x20000018) fstat(0xffffffffffffffff, &(0x7f0000000400)) [ 145.236833] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' [ 145.365641] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 145.415828] syz-executor.6 (4029) used greatest stack depth: 24408 bytes left 18:12:49 executing program 1: r0 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x32361, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) write(r1, &(0x7f0000000080)="01", 0x41030) 18:12:49 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x5320, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x12}}, 0x0) poll(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x20010, 0xffffffffffffffff, 0x7fea3000) r4 = accept$unix(r2, &(0x7f0000000200), &(0x7f0000000180)=0x6e) preadv(r4, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/195, 0xc3}, {&(0x7f0000001400)=""/29, 0x1d}, {&(0x7f0000001440)=""/41, 0x29}, {&(0x7f0000001480)=""/56, 0x38}, {&(0x7f00000014c0)=""/151, 0x97}, {&(0x7f0000001580)=""/18, 0x12}, {&(0x7f00000015c0)=""/213, 0xd5}], 0x8, 0x0, 0x9) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) close_range(r3, r3, 0x0) 18:12:49 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x5320, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x12}}, 0x0) poll(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x20010, 0xffffffffffffffff, 0x7fea3000) r4 = accept$unix(r2, &(0x7f0000000200), &(0x7f0000000180)=0x6e) preadv(r4, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/195, 0xc3}, {&(0x7f0000001400)=""/29, 0x1d}, {&(0x7f0000001440)=""/41, 0x29}, {&(0x7f0000001480)=""/56, 0x38}, {&(0x7f00000014c0)=""/151, 0x97}, {&(0x7f0000001580)=""/18, 0x12}, {&(0x7f00000015c0)=""/213, 0xd5}], 0x8, 0x0, 0x9) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) close_range(r3, r3, 0x0) 18:12:49 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x4d4, 0x3c}, 0x2, @in6=@empty, 0x0, 0x1, 0x0, 0xfe}}, 0xe8) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0) 18:12:49 executing program 7: syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x38e38e38e38e46f, [{{0x9, 0x2, 0x48}}]}}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000002480)='fd/3\x00') ioctl$TIOCGWINSZ(r0, 0x4004550e, 0x0) 18:12:49 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000007ec0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@typed={0x4, 0x0, 0x0, 0x0, @binary}, @nested={0x5, 0x11, 0x0, 0x1, [@generic="1c"]}]}, 0x1c}], 0x1}, 0x0) dup(r1) 18:12:49 executing program 3: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) lseek(r0, 0x0, 0x0) 18:12:49 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000040)=[{&(0x7f00000002c0)="19", 0x1}], 0x1, 0x8000000, 0x0) read(r0, &(0x7f0000000140)=""/78, 0xfffffdef) 18:12:49 executing program 3: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)}, {0x0, 0x0, 0x2800}], 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101000, 0x0) write$binfmt_aout(r0, 0x0, 0x220) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101000, 0x4) openat(0xffffffffffffffff, 0x0, 0x40, 0x189) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r1 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r1, &(0x7f00000045c0)=[{{&(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000300)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp_addr={0x44, 0xc, 0x6, 0x2, 0x0, [{@remote}]}]}}}], 0x20}}], 0x1, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) [ 145.529046] loop3: detected capacity change from 0 to 40 [ 145.564920] loop3: detected capacity change from 0 to 40 [ 145.581740] ieee80211 phy9: Selected rate control algorithm 'minstrel_ht' [ 145.598472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy 18:12:49 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x4d4, 0x3c}, 0x2, @in6=@empty, 0x0, 0x1, 0x0, 0xfe}}, 0xe8) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0) [ 145.604713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 18:12:50 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) setsockopt$inet6_opts(r1, 0x29, 0x35, 0x0, 0x8) 18:12:50 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x4d4, 0x3c}, 0x2, @in6=@empty, 0x0, 0x1, 0x0, 0xfe}}, 0xe8) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0) 18:12:50 executing program 1: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x101042, 0x0) fchownat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 18:12:50 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r0, 0x5412, &(0x7f0000000000)) 18:12:50 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 18:12:50 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x5320, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x12}}, 0x0) poll(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x20010, 0xffffffffffffffff, 0x7fea3000) r4 = accept$unix(r2, &(0x7f0000000200), &(0x7f0000000180)=0x6e) preadv(r4, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/195, 0xc3}, {&(0x7f0000001400)=""/29, 0x1d}, {&(0x7f0000001440)=""/41, 0x29}, {&(0x7f0000001480)=""/56, 0x38}, {&(0x7f00000014c0)=""/151, 0x97}, {&(0x7f0000001580)=""/18, 0x12}, {&(0x7f00000015c0)=""/213, 0xd5}], 0x8, 0x0, 0x9) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) close_range(r3, r3, 0x0) 18:12:50 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r0, 0x5412, &(0x7f0000000000)) [ 146.812219] ieee80211 phy10: Selected rate control algorithm 'minstrel_ht' 18:12:51 executing program 5: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x5320, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x12}}, 0x0) poll(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x20010, 0xffffffffffffffff, 0x7fea3000) r4 = accept$unix(r2, &(0x7f0000000200), &(0x7f0000000180)=0x6e) preadv(r4, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/195, 0xc3}, {&(0x7f0000001400)=""/29, 0x1d}, {&(0x7f0000001440)=""/41, 0x29}, {&(0x7f0000001480)=""/56, 0x38}, {&(0x7f00000014c0)=""/151, 0x97}, {&(0x7f0000001580)=""/18, 0x12}, {&(0x7f00000015c0)=""/213, 0xd5}], 0x8, 0x0, 0x9) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) close_range(r3, r3, 0x0) 18:12:51 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000000)='/usr/sbin/cups-browsed\x00', 0x17) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000100), 0x44b43, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x5320, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x12}}, 0x0) poll(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x8, 0x20010, 0xffffffffffffffff, 0x7fea3000) r4 = accept$unix(r2, &(0x7f0000000200), &(0x7f0000000180)=0x6e) preadv(r4, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/195, 0xc3}, {&(0x7f0000001400)=""/29, 0x1d}, {&(0x7f0000001440)=""/41, 0x29}, {&(0x7f0000001480)=""/56, 0x38}, {&(0x7f00000014c0)=""/151, 0x97}, {&(0x7f0000001580)=""/18, 0x12}, {&(0x7f00000015c0)=""/213, 0xd5}], 0x8, 0x0, 0x9) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'rose0\x00'}) close_range(r3, r3, 0x0) 18:12:51 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r0, 0x5412, &(0x7f0000000000)) 18:12:51 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) ioctl$sock_SIOCINQ(r0, 0x89e0, 0x0) 18:12:51 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x4d4, 0x3c}, 0x2, @in6=@empty, 0x0, 0x1, 0x0, 0xfe}}, 0xe8) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0) 18:12:51 executing program 1: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r0, 0x5609, 0xfffffffffffffffc) 18:12:51 executing program 7: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000008440)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000003d80)=[@dontfrag={{0x14, 0x29, 0x3e, 0x4}}], 0x18}}], 0x2, 0x0) 18:12:51 executing program 7: r0 = getpid() pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r1, 0x10000000) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=fscache,version=9p2000.u,pri\x00\x00\x00\x00\x00\x00\x00\x00devmap,loose,\x00osixacl,access=', @ANYRESDEC, @ANYBLOB=',access=any,cache=none,subj_role=,smackfsroot=,fsname=\\,smackfshat=,(^\\)\a^,hash,smackfsfloor=^#\",func=FIRMWARE_CHECK,\x00']) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) 18:12:51 executing program 1: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x2}}) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r4, &(0x7f00000001c0)='net/if_inet6\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1010c2, 0x0) r6 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x80000001) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000180)=[r6, r2]}, 0x2) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/locks\x00', 0x0, 0x0) sendfile(r5, r7, 0x0, 0x10000027f) pipe(&(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r8, &(0x7f00000001c0)='net/if_inet6\x00') r9 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file2\x00', 0x1000) kcmp$KCMP_EPOLL_TFD(r3, r8, 0x7, r5, &(0x7f0000000100)={r9, r2, 0xe6}) r10 = dup2(r1, r0) close_range(r10, 0xffffffffffffffff, 0x0) 18:12:51 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZE(r0, 0x5412, &(0x7f0000000000)) 18:12:52 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) ioctl$sock_SIOCINQ(r0, 0x89e0, 0x0) 18:12:52 executing program 6: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x2}}) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r4, &(0x7f00000001c0)='net/if_inet6\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1010c2, 0x0) r6 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x80000001) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000180)=[r6, r2]}, 0x2) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/locks\x00', 0x0, 0x0) sendfile(r5, r7, 0x0, 0x10000027f) pipe(&(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r8, &(0x7f00000001c0)='net/if_inet6\x00') r9 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file2\x00', 0x1000) kcmp$KCMP_EPOLL_TFD(r3, r8, 0x7, r5, &(0x7f0000000100)={r9, r2, 0xe6}) r10 = dup2(r1, r0) close_range(r10, 0xffffffffffffffff, 0x0) 18:12:52 executing program 1: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x2}}) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r4, &(0x7f00000001c0)='net/if_inet6\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1010c2, 0x0) r6 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x80000001) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000180)=[r6, r2]}, 0x2) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/locks\x00', 0x0, 0x0) sendfile(r5, r7, 0x0, 0x10000027f) pipe(&(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r8, &(0x7f00000001c0)='net/if_inet6\x00') r9 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file2\x00', 0x1000) kcmp$KCMP_EPOLL_TFD(r3, r8, 0x7, r5, &(0x7f0000000100)={r9, r2, 0xe6}) r10 = dup2(r1, r0) close_range(r10, 0xffffffffffffffff, 0x0) 18:12:52 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000300)="6fb9", 0x2}], 0x1, &(0x7f0000000080)=[@ip_retopts={{0x10}}], 0xf}, 0x0) 18:12:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)={0x1c, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, 0x1c}], 0x1}, 0x0) 18:12:52 executing program 7: r0 = getpid() pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r1, 0x10000000) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=fscache,version=9p2000.u,pri\x00\x00\x00\x00\x00\x00\x00\x00devmap,loose,\x00osixacl,access=', @ANYRESDEC, @ANYBLOB=',access=any,cache=none,subj_role=,smackfsroot=,fsname=\\,smackfshat=,(^\\)\a^,hash,smackfsfloor=^#\",func=FIRMWARE_CHECK,\x00']) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) 18:12:52 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@newsa={0x144, 0x10, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {}, {}, 0x0, 0x0, 0xa, 0x1}, [@sec_ctx={0xc, 0x8, {0x8}}, @algo_auth={0x48, 0x1, {{'sha256-avx2\x00'}}}]}, 0x144}}, 0x0) 18:12:52 executing program 2: r0 = getpid() pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r1, 0x10000000) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=fscache,version=9p2000.u,pri\x00\x00\x00\x00\x00\x00\x00\x00devmap,loose,\x00osixacl,access=', @ANYRESDEC, @ANYBLOB=',access=any,cache=none,subj_role=,smackfsroot=,fsname=\\,smackfshat=,(^\\)\a^,hash,smackfsfloor=^#\",func=FIRMWARE_CHECK,\x00']) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) 18:12:52 executing program 4: r0 = syz_io_uring_setup(0x4f02, &(0x7f00000002c0), &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000001d80)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000280)}, 0x102) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x6e9a, &(0x7f0000000040), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)}, 0x0) io_uring_enter(r0, 0x6c64, 0x0, 0x0, 0x0, 0x0) 18:12:52 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) ioctl$sock_SIOCINQ(r0, 0x89e0, 0x0) 18:12:52 executing program 3: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendfile(r1, r0, 0x0, 0x10000027f) 18:12:52 executing program 6: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x2}}) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r4, &(0x7f00000001c0)='net/if_inet6\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1010c2, 0x0) r6 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x80000001) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000180)=[r6, r2]}, 0x2) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/locks\x00', 0x0, 0x0) sendfile(r5, r7, 0x0, 0x10000027f) pipe(&(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r8, &(0x7f00000001c0)='net/if_inet6\x00') r9 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file2\x00', 0x1000) kcmp$KCMP_EPOLL_TFD(r3, r8, 0x7, r5, &(0x7f0000000100)={r9, r2, 0xe6}) r10 = dup2(r1, r0) close_range(r10, 0xffffffffffffffff, 0x0) 18:12:52 executing program 5: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e"], 0x8) 18:12:52 executing program 1: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x2}}) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r4, &(0x7f00000001c0)='net/if_inet6\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1010c2, 0x0) r6 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x80000001) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000180)=[r6, r2]}, 0x2) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/locks\x00', 0x0, 0x0) sendfile(r5, r7, 0x0, 0x10000027f) pipe(&(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r8, &(0x7f00000001c0)='net/if_inet6\x00') r9 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file2\x00', 0x1000) kcmp$KCMP_EPOLL_TFD(r3, r8, 0x7, r5, &(0x7f0000000100)={r9, r2, 0xe6}) r10 = dup2(r1, r0) close_range(r10, 0xffffffffffffffff, 0x0) 18:12:53 executing program 0: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) ioctl$sock_SIOCINQ(r0, 0x89e0, 0x0) 18:12:53 executing program 3: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendfile(r1, r0, 0x0, 0x10000027f) 18:12:53 executing program 5: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e"], 0x8) 18:12:53 executing program 4: r0 = syz_io_uring_setup(0x4f02, &(0x7f00000002c0), &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000001d80)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000280)}, 0x102) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x6e9a, &(0x7f0000000040), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)}, 0x0) io_uring_enter(r0, 0x6c64, 0x0, 0x0, 0x0, 0x0) 18:12:53 executing program 7: r0 = getpid() pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r1, 0x10000000) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=fscache,version=9p2000.u,pri\x00\x00\x00\x00\x00\x00\x00\x00devmap,loose,\x00osixacl,access=', @ANYRESDEC, @ANYBLOB=',access=any,cache=none,subj_role=,smackfsroot=,fsname=\\,smackfshat=,(^\\)\a^,hash,smackfsfloor=^#\",func=FIRMWARE_CHECK,\x00']) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) 18:12:53 executing program 1: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x2}}) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r4, &(0x7f00000001c0)='net/if_inet6\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1010c2, 0x0) r6 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x80000001) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000180)=[r6, r2]}, 0x2) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/locks\x00', 0x0, 0x0) sendfile(r5, r7, 0x0, 0x10000027f) pipe(&(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r8, &(0x7f00000001c0)='net/if_inet6\x00') r9 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file2\x00', 0x1000) kcmp$KCMP_EPOLL_TFD(r3, r8, 0x7, r5, &(0x7f0000000100)={r9, r2, 0xe6}) r10 = dup2(r1, r0) close_range(r10, 0xffffffffffffffff, 0x0) 18:12:53 executing program 2: r0 = getpid() pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r1, 0x10000000) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=fscache,version=9p2000.u,pri\x00\x00\x00\x00\x00\x00\x00\x00devmap,loose,\x00osixacl,access=', @ANYRESDEC, @ANYBLOB=',access=any,cache=none,subj_role=,smackfsroot=,fsname=\\,smackfshat=,(^\\)\a^,hash,smackfsfloor=^#\",func=FIRMWARE_CHECK,\x00']) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) 18:12:53 executing program 6: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x0, 0x2}}) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r4, &(0x7f00000001c0)='net/if_inet6\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1010c2, 0x0) r6 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x80000001) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000180)=[r6, r2]}, 0x2) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/locks\x00', 0x0, 0x0) sendfile(r5, r7, 0x0, 0x10000027f) pipe(&(0x7f00000000c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) syz_open_procfs(r8, &(0x7f00000001c0)='net/if_inet6\x00') r9 = open_tree(0xffffffffffffffff, &(0x7f00000002c0)='./file2\x00', 0x1000) kcmp$KCMP_EPOLL_TFD(r3, r8, 0x7, r5, &(0x7f0000000100)={r9, r2, 0xe6}) r10 = dup2(r1, r0) close_range(r10, 0xffffffffffffffff, 0x0) 18:12:53 executing program 5: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e"], 0x8) 18:12:53 executing program 3: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendfile(r1, r0, 0x0, 0x10000027f) 18:12:53 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) r0 = syz_io_uring_setup(0x56ad, &(0x7f0000000140)={0x0, 0x6c4c, 0x10, 0x2, 0x20f}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000300)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') syz_io_uring_setup(0x3740, &(0x7f0000000700)={0x0, 0x573c, 0x4, 0x3, 0x309, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) getpid() pidfd_open(0x0, 0x0) syz_io_uring_setup(0x2037bc, &(0x7f0000000400)={0x0, 0x82bc, 0x20, 0x1, 0x1f, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000480), &(0x7f00000006c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) syz_io_uring_setup(0x75e8, &(0x7f0000000200)={0x0, 0xa1dc, 0x10, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000780)) r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r2, 0x0) ftruncate(r0, 0xfffffffffffffff7) openat(r1, &(0x7f00000003c0)='./file0\x00', 0x40000, 0x80) close(r2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xa) 18:12:53 executing program 4: r0 = syz_io_uring_setup(0x4f02, &(0x7f00000002c0), &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000001d80)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000280)}, 0x102) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x6e9a, &(0x7f0000000040), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)}, 0x0) io_uring_enter(r0, 0x6c64, 0x0, 0x0, 0x0, 0x0) 18:12:54 executing program 4: r0 = syz_io_uring_setup(0x4f02, &(0x7f00000002c0), &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000001d80)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x0, &(0x7f0000000280)}, 0x102) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) syz_io_uring_setup(0x6e9a, &(0x7f0000000040), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, r2, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)}, 0x0) io_uring_enter(r0, 0x6c64, 0x0, 0x0, 0x0, 0x0) 18:12:54 executing program 6: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x32, &(0x7f00000000c0), 0x4) 18:12:54 executing program 3: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendfile(r1, r0, 0x0, 0x10000027f) 18:12:54 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000980)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000008940)=[{{&(0x7f00000009c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000ec0)=[{&(0x7f0000000380)="9b9ec7aad36ade47a2f831509775519d29960b97131b80b2c52fe6367e380143d4e0c0ecc6de4b56171562e022a729740e85692c589cc2d5aeefd71851472c57d536e6d8ae310d3d5c5cfded575c8bc8cef0e73ed8ede4415b83130be11e91d51e97e6cfab54932e18c22be8fa6f3b223561366919aa6ceb9fab73b65a88f8af879b37f0c60dee682fa498d85de123d15779c9dad38b859d1a821d48f454b1270dc778fd8c48cba2d7261be6badd2473fc7ae61c0d97b5a8b49d", 0xfffffffd}, {0x0}], 0x2}}], 0x1, 0x0) 18:12:54 executing program 5: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e"], 0x8) 18:12:54 executing program 0: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) r0 = syz_io_uring_setup(0x56ad, &(0x7f0000000140)={0x0, 0x6c4c, 0x10, 0x2, 0x20f}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000300)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') syz_io_uring_setup(0x3740, &(0x7f0000000700)={0x0, 0x573c, 0x4, 0x3, 0x309, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) getpid() pidfd_open(0x0, 0x0) syz_io_uring_setup(0x2037bc, &(0x7f0000000400)={0x0, 0x82bc, 0x20, 0x1, 0x1f, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000480), &(0x7f00000006c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) syz_io_uring_setup(0x75e8, &(0x7f0000000200)={0x0, 0xa1dc, 0x10, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000780)) r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r2, 0x0) ftruncate(r0, 0xfffffffffffffff7) openat(r1, &(0x7f00000003c0)='./file0\x00', 0x40000, 0x80) close(r2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xa) 18:12:54 executing program 7: r0 = getpid() pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r1, 0x10000000) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=fscache,version=9p2000.u,pri\x00\x00\x00\x00\x00\x00\x00\x00devmap,loose,\x00osixacl,access=', @ANYRESDEC, @ANYBLOB=',access=any,cache=none,subj_role=,smackfsroot=,fsname=\\,smackfshat=,(^\\)\a^,hash,smackfsfloor=^#\",func=FIRMWARE_CHECK,\x00']) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) 18:12:54 executing program 2: r0 = getpid() pidfd_open(r0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x200, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x7ff}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x0, 0xfffffffffffffffe, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0) syz_io_uring_setup(0x227d, &(0x7f0000000140)={0x0, 0x1240, 0x8, 0x2, 0xc1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000340), &(0x7f0000000200)) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10010, r1, 0x10000000) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, {{}, 0x0, @in6=@mcast2}}, 0xe8) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300), 0x242880, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=fscache,version=9p2000.u,pri\x00\x00\x00\x00\x00\x00\x00\x00devmap,loose,\x00osixacl,access=', @ANYRESDEC, @ANYBLOB=',access=any,cache=none,subj_role=,smackfsroot=,fsname=\\,smackfshat=,(^\\)\a^,hash,smackfsfloor=^#\",func=FIRMWARE_CHECK,\x00']) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) 18:12:54 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x53) sendmmsg(r0, &(0x7f0000004240)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="e9", 0x1}], 0x1}}], 0x1, 0x80d1) sendto$inet6(r0, &(0x7f0000000080)="b3", 0x1, 0x4040881, 0x0, 0x0) 18:12:54 executing program 6: perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0xc1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000007c0), 0x2}, 0xcc80, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_register$IORING_UNREGISTER_BUFFERS(0xffffffffffffffff, 0x1, 0x1000000, 0x0) r0 = syz_io_uring_setup(0x56ad, &(0x7f0000000140)={0x0, 0x6c4c, 0x10, 0x2, 0x20f}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000), &(0x7f0000000300)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002480)='fd/3\x00') syz_io_uring_setup(0x3740, &(0x7f0000000700)={0x0, 0x573c, 0x4, 0x3, 0x309, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000340)) getpid() pidfd_open(0x0, 0x0) syz_io_uring_setup(0x2037bc, &(0x7f0000000400)={0x0, 0x82bc, 0x20, 0x1, 0x1f, 0x0, r1}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000480), &(0x7f00000006c0)) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000040), 0xb}, 0x0, 0x20, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000004c0)) syz_io_uring_setup(0x75e8, &(0x7f0000000200)={0x0, 0xa1dc, 0x10, 0x0, 0x36}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000380), &(0x7f0000000780)) r2 = openat$sr(0xffffffffffffff9c, &(0x7f00000001c0), 0x105802, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000004, 0x2811, r2, 0x0) ftruncate(r0, 0xfffffffffffffff7) openat(r1, &(0x7f00000003c0)='./file0\x00', 0x40000, 0x80) close(r2) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xa) 18:12:54 executing program 5: fallocate(0xffffffffffffffff, 0x0, 0x2, 0x3ff) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4042, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), &(0x7f0000000240)={'U+', 0x10001}, 0x16, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12140a7a, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_io_uring_complete(0x0) readahead(r3, 0x200, 0x2) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80000000, 0x81}, 0x603, 0x0, 0x0, 0x1}, 0x0, 0xffffffefffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000180)=ANY=[@ANYRESHEX=r2], 0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010000000000000000001c"], 0x14}}, 0x0) fcntl$F_GET_RW_HINT(r4, 0x40b, &(0x7f0000000340)) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x4, &(0x7f00000001c0), &(0x7f0000000200)=0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pwritev(r6, &(0x7f0000000080)=[{&(0x7f0000000140)='\x00', 0x1a}], 0x1, 0x7fffffc, 0x0) perf_event_open(&(0x7f0000000280)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r0, r0, 0x0, 0x100000) 18:12:54 executing program 4: perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, 0x0) mlockall(0x3) 18:12:54 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') pread64(r0, &(0x7f0000000180)=""/16, 0x2f00, 0x76) 18:12:54 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x53) sendmmsg(r0, &(0x7f0000004240)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="e9", 0x1}], 0x1}}], 0x1, 0x80d1) sendto$inet6(r0, &(0x7f0000000080)="b3", 0x1, 0x4040881, 0x0, 0x0) 18:12:54 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x53) sendmmsg(r0, &(0x7f0000004240)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="e9", 0x1}], 0x1}}], 0x1, 0x80d1) sendto$inet6(r0, &(0x7f0000000080)="b3", 0x1, 0x4040881, 0x0, 0x0) 18:12:54 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x53) sendmmsg(r0, &(0x7f0000004240)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="e9", 0x1}], 0x1}}], 0x1, 0x80d1) sendto$inet6(r0, &(0x7f0000000080)="b3", 0x1, 0x4040881, 0x0, 0x0) VM DIAGNOSIS: 18:12:40 Registers: info registers vcpu 0 RAX=000000000000006f RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822b1e41 RDI=ffffffff8763fae0 RBP=ffffffff8763faa0 RSP=ffff88804301f348 R8 =0000000000000001 R9 =000000000000000a R10=000000000000006f R11=0000000000000001 R12=000000000000006f R13=ffffffff8763faa0 R14=0000000000000010 R15=ffffffff822b1e30 RIP=ffffffff822b1e99 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f4a4bf95700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f0ece6074a1 CR3=000000003f938000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f4a4eb067c0 00007f4a4eb067c8 YMM02=0000000000000000 0000000000000000 00007f4a4eb067e0 00007f4a4eb067c0 YMM03=0000000000000000 0000000000000000 00007f4a4eb067c8 00007f4a4eb067c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff88806ce3eda0 RCX=0000000000000000 RDX=ffff88801da13580 RSI=ffffffff813bccdb RDI=0000000000000005 RBP=0000000000000003 RSP=ffff888042edf960 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffed100d9c7db5 R13=ffff88806ce3eda8 R14=0000000000000001 R15=dffffc0000000000 RIP=ffffffff813bccdd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 000055555743a400 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4a4eb286dc CR3=000000003f938000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 YMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM01=0000000000000000 0000000000000000 00007f4a4eb067c0 00007f4a4eb067c8 YMM02=0000000000000000 0000000000000000 00007f4a4eb067e0 00007f4a4eb067c0 YMM03=0000000000000000 0000000000000000 00007f4a4eb067c8 00007f4a4eb067c0 YMM04=0000000000000000 0000000000000000 ffffffffffffffff ffffffff00000000 YMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM06=0000000000000000 0000000000000000 0000000000000000 000000524f525245 YMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM08=0000000000000000 0000000000000000 0000000000000000 00524f5252450040 YMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 YMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000